Doomboot
Doomboot or Doomboot.A is a SymbOS trojan that installs corrupted binaries to prevent the device from booting, similar to Fontal.

Payload

Doomboot installs via Bluetooth and goes by the name "Doom_2_wad_cracked_by_DFT_S60_v1.0.sis", posing as a cracked version of Doom 2 for SymbOS. When it is installed, it installs corrupted binaries to the phone. This is hidden, as the virus has also installed Commwarrior.B to the phone. The binaries are the following:

*Etel.dll
*etelmm.dll
*etelpckt.dll
*etelsat.dll

If the phone reboots, the corrupted binaries are loaded and the phone will fail to boot. Commwarrior.B also tries to spread the infection further through Bluetooth. This causes the battery to drain more quickly, so the phone will soon run out of battery. This is problematic, as the phone will not boot again should its power run out.

Variants

Like Skulls, this virus is one of the well-known pieces of SymbOS malware, hence Doomboot has 26 different variants.

*Doomboot.B (Variant 1): Instead of installing Commwarrior, this variant installs an application that causes the phone to reboot. This is also problematic, as the phone will not boot again if this application is run. It is named "Restart_20.sis".
*Doomboot.B (Variant 2): This variant also drops Cabir, MGDropper, and Skulls.L, and tries to corrupt applications on the phone.
*Doomboot.C & Doomboot.Q (Variant 1): These variants drop Cabir variants (original, F, G, M), Skulls.D, and Doomboot.A.
*Doomboot.D: It either installs the same file with a different name, or installs additional non-malicious files, some of which corrupt phone applications. It usually does not come with Commwarrior.
*Doomboot.E: This variant is named "Jennifer Lopez Theme++ by Dj Hardcore.sis".
*Doomboot.M: It is named "exoVirusStop v 2.13.16.sis" and displays a message after installation: "For Updates visit www.exosyphenstudio.com. If there is a virus re-boot your phone after disinfection"
*Doomboot.N: It is named "exoVirusStop v 1.69.90", attempts to install Cydog to a removable device, and displays a message after installation: "For Updates visit http://www.exosyphenstudio.com/REMOVED. If there is a virus re-boot your phone after disinfection."
*Doomboot.U: It is named "Symbian Anti-Virus.sis". After installation it displays the message: "Symbian Anti-Virus Version 1.10 Copyright©2006 Symbian Ltd. * Phone Protection * Note: Restart Your Phone After installation complete."
*Doomboot.F: Like Doomboot.E, it is named "Jennifer Lopez Theme++ by Dj Hardcore.sis". It also drops Skulls.D and Cabir.M and displays the following message after installation: "This Installation was created with KVT Symbian Installer. Get it free from: www.kvtsoft.vze.com/Removed by Kheng Vandha ------------------ This Theme is a Special Edition, so the device need to be restarted! This theme is a new generationn of theme, Enjoy! Regards DFT!"
*Doomboot.G: It is named "Cowgirl Babe++ by Dj 6600.sis". When installed, it drops multiple copies of Commwarrior.A and Commwarrior.B alongside Fontal.A, and displays the following message after installation: "This Installation was created with KVT Symbian Installer. Get it free from: www.kvtsoft.vze.com/Removed by Khang Vandha ------------------ This Theme is so good that you have to restart the device ;) A very hot theme by, DFT!"
*Doomboot.K: It is named "F-secure Antivirus.sis". It is also known as Doomboot.R.
*Doomboot.P: It displays a message before installation: "Do you know this will help to maintain battery power put AntiVirus on battery against battery drainer virus Your Regards Ximplify". If installed, it tries to corrupt applications, drops Cabir, Cabir.B, Locknut.A, and Skulls.C, changes the application icons to generic application icons, blanks out all the application names, and displays the following message: "App. closed AppArcServerThread"
*Doomboot.Q (Variant 2): It is named "Symbian_DFT v1.0", corrupts the Application Manager, and displays a message after installation: "New Protection for Symbian Device created By Tomas DFT for Anti-files corrupt. ------------- Please Press OK And Restart Your Phone."
*Doomboot.S: It is named "Security - Application.sis". If installed, it drops the following: Cardblock.A, Sendtool.A, Mos, Cabir, Mabir.A, Fontal.A, Blankfont.A, Pbstealer.A, Cabir.C, and Commwarrior.A, and displays a message: "Security - Application For Series 60 Copyright © 2006 0ID500 Inc. All rights reserved *** 0ID500 TEAM ***"
*Doomboot.T: It is named "Leslie Loves.sis". After installation, it installs Commwarrior.I and displays the message: "File Uploading & Modified by REMOVED."
*Doomboot.V: It is named "restart 2.0.sis". When installed, it drops Skulls.A and displays the message: "enjoy! whith this software, you can restart your phone with press only a button."
*Doomboot.W: It is named "Ximplify Battery Extender.sis". When installed, it drops Cabir, Cabir.B, MGDropper, and Locknut, and displays the message: "Do you know this will help to maintain battery power put AntiVirus on battery against battery drainer virus. Your Regards REMOVED"
*Doomboot.X: It is named "simworks 1.2.2.sis" and drops Cabir, Cabir.B, Blankfont.A, Cdropper.H, Commwarrior.A, and Commwarrior.B.